Northwall Security

2010/08/31

Good News for the Help Desk; Outlook 2010 Screenshot Tool

Filed under: Posts — post.northwall @ 21:39

Good news for the help desk and end users alike!  Outlook 2010 has a handy new feature to quickly insert a snapshot of any individual application’s window on the fly.  It is the equivalent of activating the window and pressing [ALT + PRNT SCRN]; however, your users don’t have to remember this key combination, and they don’t need to do anything outside of the new message composer.

Source: http://blogs.msdn.com/b/outlook/archive/2010/04/28/sending-screenshots.aspx

2010/08/25

How to Set Adobe Reader / Java to Auto-Update

Filed under: Posts — rpost.northwall @ 13:14

Adobe Reader and Java are common targets for exploits, and potential gateways for tons of malicious things to get into your PC.  Oddly enough, the default update behavior of these programs puts convenience ahead of security.  Updating these two programs often is a good way to keep nasty things from working their way into your system.

Java:

Java typically does not place an entry in your Start menu, so even finding the location to configure it can be a challenge for some.  Navigate to your Control Panel and double click “Java”, or if you have Windows Vista or newer you can simply type “java” into the search box on your Start Menu.

Click the “Update” tab and then the “Advanced…” button.  There is no option to automatically install the updates, but from here you can increase how often Java checks the server for patches.  Additionally, you can choose “Notify Me: [BEFORE INSTALLING]” in place of “BEFORE DOWNLOADING” to tell Java to at least download the updates and stage them for installation.

Adobe:

Adobe has a much more convenient “automatic install” setting for updates, which means that as soon as a patch is released by Adobe, your system will download and install it.  To enable this setting, open Adobe Reader, and click “Edit -> Preferences”.

Alternatively, there is a third party option made by Foxit Software.

2010/08/18

Use Firefox to Circumvent Websense

Filed under: Posts — rpost.northwall @ 16:16

In summary, this filter bypass is achieved by:

1) Downloading Firefox
2) Setting Firefox to use one of the ISA servers in the CARP pool as its proxy
3) Injecting headers that reference a different ISA server for the “Via:” value.

Source: http://mrhinkydink.blogspot.com/2010/08/websenseisa-via-bypass-redux.html

2010/08/12

Facebook Password Reminder Displays Name / Photo by Email

Filed under: Posts — post.northwall @ 00:29

Regardless of your privacy settings, the Facebook password recovery process is giving out the profile pictures and full (including middle) names of users when a failed logon attempt occurs.  Read more from the…

…Source: http://seclists.org/fulldisclosure/2010/Aug/130

2010/08/03

Fast Talking Social Engineers; Just Say “No”

Filed under: Posts — rpost.northwall @ 14:42

In the few short days I’ve been in Las Vegas preceding the DEFCON 18 event I have encountered tons of social engineers in one form or another that know how to pull the strings of others.  Some people try to make friends with you, then hit you up for change, others try to pressure you into buying whatever they are selling, and others just try to get information out of you.  One group I ran into tried to come across as friendly businessmen just trying to make a contact.  They began asking me my name, where I was from, and then got into more personal questions such as “the best number to reach [me] at” and my e-mail address.  I had already been suspicious from the get-go, but this is where I had to draw the line.  I didn’t answer the question, and instead asked him to “get to the point”.  Up until this point I had felt that I owed them politeness, but had to take on a more aggressive stance when the questions became too personal.  Upon being questioned they immediately became defensive and tried to cover with some nonsense about a business opportunity.  Sometimes you just have to stop people in their tracks and break that barrier of kindness to prevent giving out confidential information.

Cop Fires Taser While Driving, Runs Over (and Kills) Suspect

Filed under: Posts — rpost.northwall @ 14:39

In this video, a police officer fires his taser at a boy on a bicycle who is refusing to stop.  The taser strikes the boy, causing him to fall off the bike.  The officer then proceeds to run over the boy, killing him.

There are so many things wrong with this video.  The only thing the suspect did wrong here was resist arrest, but in his defense with the insanity later demonstrated by the police officer I don’t blame him for running for his life.

Source: http://www.liveleak.com/view?i=037_1280793290

2010/07/21

Trojan Code in iPhone App Allows Free Tethering

Filed under: Posts — rpost.northwall @ 16:27

The app has been removed now, but for the lucky few who snagged it quickly, tethering is possible with a non-jailbroken iPhone.  The best part is it was made by a 15-year-old kid!

On the other hand, why isn’t Apple checking the source code of these apps more carefully?  What if he had instead put in some code to transmit your iTunes credit card information, address book, or GPS data against your will?

Source: http://gizmodo.com/5592521/how-a-guy-tricked-apple-with-a-disguised-iphone-tethering-app

Criminals Posing as FBI Agents Shot at by Homeowner

Filed under: Posts — rpost.northwall @ 14:10

With the current power that law enforcement has when serving warrants they are not required to produce any proof of their identity or the existence of said warrant before entering your home.  The thought process behind this was most likely to prevent your buddy from flushing drug contraband down the toilet while you stall the cops and read the warrant line by line.

The reality of the situation however, is that ANYONE can kick in your front door, claiming to be from- oh I don’t know… the FBI, and you are supposed to just lie down and let them do their thing.  This family was having none of that.  When the three men approach their home in the middle of the night dressed in FBI clothing and claiming to be agents, the occupants reply back with gunfire through the front window.

In this case the family was justified- although I’m not sure how they knew that these men were not from the actual FBI.  Had they shot at real agents we would probably be reading articles about how the FBI slaughtered an entire family in “self defense”.

Video: http://www.liveleak.com/view?i=9fc_1279239950

Interesting notes concerning unlawful arrests:

“Citizens may resist unlawful arrest to the point of taking an arresting officer’s life if necessary.” Plummer v. State, 136 Ind. 306. This premise was upheld by the Supreme Court of the United States in the case: John Bad Elk v. U.S., 177 U.S. 529. The Court stated: “Where the officer is killed in the course of the disorder which naturally accompanies an attempted arrest that is resisted, the law looks with very different eyes upon the transaction, when the officer had the right to make the arrest, from what it does if the officer had no right. What may be murder in the first case might be nothing more than manslaughter in the other, or the facts might show that no offense had been committed.”

“An arrest made with a defective warrant, or one issued without affidavit, or one that fails to allege a crime is within jurisdiction, and one who is being arrested, may resist arrest and break away. If the arresting officer is killed by one who is so resisting, the killing will be no more than an involuntary manslaughter.” Housh v. People, 75 111. 491; reaffirmed and quoted in State v. Leach, 7 Conn. 452; State v. Gleason, 32 Kan. 245; Ballard v. State, 43 Ohio 349; State v Rousseau, 241 P. 2d 447; State v. Spaulding, 34 Minn. 3621.

“When a person, being without fault, is in a place where he has a right to be, is violently assaulted, he may, without retreating, repel by force, and if, in the reasonable exercise of his right of self defense, his assailant is killed, he is justified.” Runyan v. State, 57 Ind. 80; Miller v. State, 74 Ind. 1.

“These principles apply as well to an officer attempting to make an arrest, who abuses his authority and transcends the bounds thereof by the use of unnecessary force and violence, as they do to a private individual who unlawfully uses such force and violence.” Jones v. State, 26 Tex. App. I; Beaverts v. State, 4 Tex. App. 1 75; Skidmore v. State, 43 Tex. 93, 903.

“An illegal arrest is an assault and battery. The person so attempted to be restrained of his liberty has the same right to use force in defending himself as he would in repelling any other assault and battery.” (State v. Robinson, 145 ME. 77, 72 ATL. 260).

“Each person has the right to resist an unlawful arrest. In such a case, the person attempting the arrest stands in the position of a wrongdoer and may be resisted by the use of force, as in self-defense.” (State v. Mobley, 240 N.C. 476, 83 S.E. 2d 100).

“One may come to the aid of another being unlawfully arrested, just as he may where one is being assaulted, molested, raped or kidnapped. Thus it is not an offense to liberate one from the unlawful custody of an officer, even though he may have submitted to such custody, without resistance.” (Adams v. State, 121 Ga. 16, 48 S.E. 910).

“Story affirmed the right of self-defense by persons held illegally. In his own writings, he had admitted that ‘a situation could arise in which the checks-and-balances principle ceased to work and the various branches of government concurred in a gross usurpation.’ There would be no usual remedy by changing the law or passing an amendment to the Constitution, should the oppressed party be a minority. Story concluded, ‘If there be any remedy at all … it is a remedy never provided for by human institutions.’ That was the ‘ultimate right of all human beings in extreme cases to resist oppression, and to apply force against ruinous injustice.’” (From Mutiny on the Amistad by Howard Jones, Oxford University Press, 1987, an account of the reading of the decision in the case by Justice Joseph Story of the Supreme Court.)

As for grounds for arrest: “The carrying of arms in a quiet, peaceable, and orderly manner, concealed on or about the person, is not a breach of the peace. Nor does such an act of itself, lead to a breach of the peace.” (Wharton’s Criminal and Civil Procedure, 12th Ed., Vol.2: Judy v. Lashley, 5 W. Va. 628, 41 S.E. 197)

Source of unlawful arrest info: http://www.reddit.com/r/guns/comments/crct0/sheriffs_deputies_disdain_for_constitution/c0upiny

Windows Shortcut Icon Exploit

Filed under: Posts — rpost.northwall @ 11:27

The attack uses specially crafted shortcut (.lnk) files, which trick Windows into running code of an attacker’s choosing. Any Windows application that tries to display the shortcut’s icon—including Explorer—will cause exploitation, so even the mere act of browsing a directory with the malicious shortcuts is sufficient for a system to be exploited.

This exploit can be compared to historic Auto-Run attacks, in which a user places malicious code on a flash drive or optical media and sets the auto-run to point to it.  However, this new form of attack cannot be avoided by simply disabling auto-run, as the code is run as soon as the exploited icon is shown.

A temporary workaround for the ultra-paranoid is disabling the display of all icons with a registry edit.  Drastic, but effective.  For information on how to do this, visit http://www.microsoft.com/technet/security/advisory/2286198.mspx and click on “Workarounds”.

Source: http://arstechnica.com/microsoft/news/2010/07/new-windows-shortcut-zero-day-exploit-confirmed.ars
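
The registry workaround mentioned above can be scripted so that it is backed up before it is applied and can be rolled back once a patch is installed. This is an added example, not code from the original post or from Microsoft: it blanks the default value of the IconHandler key for the lnkfile and piffile classes, as the advisory's workaround section describes, and the parameter names and backup folder are assumptions.

```powershell
# Added example: check, apply or roll back the "disable shortcut icons"
# workaround from Security Advisory 2286198. Run from an elevated prompt.
param(
    [ValidateSet('Status', 'Apply', 'Restore')]
    [string]$Action = 'Status',
    # Assumed backup location; change to suit.
    [string]$BackupDir = "$env:SystemDrive\LnkIconBackup"
)
# Shortcut classes whose icon handler the workaround blanks (.lnk and .pif).
foreach ($class in 'lnkfile', 'piffile') {
    $regPath = "HKCR\$class\shellex\IconHandler"
    $psPath  = "Registry::HKEY_CLASSES_ROOT\$class\shellex\IconHandler"
    $backup  = Join-Path $BackupDir "$class-IconHandler.reg"

    if (-not (Test-Path -LiteralPath $psPath)) {
        Write-Warning "$regPath not found; skipping"
        continue
    }
    # The key's default value holds the CLSID of the icon handler.
    $current = (Get-ItemProperty -LiteralPath $psPath).'(default)'
    $blank   = [string]::IsNullOrEmpty($current)

    switch ($Action) {
        'Status' {
            if ($blank) { "$class : workaround applied (no icon handler)" }
            else        { "$class : icon handler active ($current)" }
        }
        'Apply' {
            if ($blank) { "$class : already blank, nothing to do" }
            else {
                New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
                # Keep the first backup; a later export would save a blank value.
                if (-not (Test-Path -LiteralPath $backup)) {
                    & reg.exe export $regPath $backup | Out-Null
                    if ($LASTEXITCODE -ne 0) { throw "backup of $regPath failed" }
                }
                Set-ItemProperty -LiteralPath $psPath -Name '(default)' -Value ''
                "$class : icon handler cleared, backup at $backup"
            }
        }
        'Restore' {
            if (-not (Test-Path -LiteralPath $backup)) { throw "no backup at $backup" }
            & reg.exe import $backup | Out-Null
            if ($LASTEXITCODE -ne 0) { throw "restore from $backup failed" }
            "$class : icon handler restored"
        }
    }
}
```

Shortcut icons render as blank while the workaround is in place; restart explorer.exe (or log off and back on) after Apply or Restore for the change to take effect.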

2010/07/20

North Korean Soldiers Are Sappin Mah Sentry!

Filed under: Posts — rpost.northwall @ 10:42

Remember the Paintball Sentry Gun from a while back?  The South Korean army has taken that concept to a whole new level with this bad boy:

The article mentions that motion detectors alert a remote operator of enemy movement, who can determine whether or not to fire the sentry’s main gun.  Let’s hope these bad boys are a little more locked down than the US Air Force’s UAVs.

Source: http://www.everydaynodaysoff.com/2010/07/16/south-korean-sentinel-robots-start-dmz-duty/
